
Deploy Strix Agent
AI Agent Penetration Testing Environment with Comprehensive Automated Tool
strix
rmaroun/strix
Why Deploy
Strix are autonomous AI agents that act like real hackers — they run your code dynamically, find vulnerabilities, and validate them through real exploitation. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.
- Full hacker toolkit out of the box
- Teams of agents that collaborate and scale
- Real validation via exploitation and PoC, not false positives
- Developer-first CLI with actionable reports
- Auto-fix & reporting to accelerate remediation
Common Use Cases
- Detect and validate critical vulnerabilities in your applications
- Get penetration tests done in hours, not weeks, with compliance-ready findings
- Automate bug bounty research and generate PoCs for faster reporting
- Run tests in CI/CD to block vulnerabilities before reaching production
Deploy and Host
This Railway template provides a one-click deployment of Strix. The template provisions a sandboxed runtime with the Strix agent server ready to accept secure API requests. No heavy setup required — we take care of the infrastructure so you can focus on testing.
STRIX_TOKEN — what it is and how to use it
When Strix is deployed from this template, the service is protected with a single secret token called STRIX_TOKEN. This token ensures only authorized users or tools can talk to the Strix API.
How to think about the token (non-technical):
- STRIX_TOKEN is like a password for the API.
- Keep it secret and only share it with people or systems that should be allowed to run tests.
How to use the token (very simple):
- When calling the Strix API, include the token in the HTTP Authorization header like this: Authorization: Bearer
- If you use the interactive API docs (Swagger) in your browser, click the Authorize button and paste the token once — Swagger will then include it automatically with every request you try.
Why the token matters
- Prevents unauthorized use of the system (important because Strix can perform real security tests).
- Treat the token like any other credential: store it safely and rotate it if you believe it was exposed.
How to open the Swagger UI (interactive API docs)
After deployment, Strix exposes an interactive API explorer (Swagger) where you can view and try all available endpoints.
- Open the public URL for your Railway deployment in a browser. Example: https://.up.railway.app
- Append /docs to the URL and navigate there: https://.up.railway.app/docs
- On the Swagger page you will see all API endpoints, their inputs and outputs, and live Try it out buttons.
Use the Authorize control on the page to paste your STRIX_TOKEN. Once authorized, you can interact with the API directly from your browser.
What you can do from the Swagger UI
- Inspect available endpoints and their required inputs
- Send authenticated test requests (after authorizing with your token)
- View or download the OpenAPI spec for integration with other tools
- Start scans, retrieve results, and fetch reports (as exposed by the deployed template)
UX notes
- This template is built for one-click simplicity. We handle the deployment details; you get an endpoint and Swagger UI immediately.
- /docs is the easiest place to explore what Strix can do without writing any code.
- For automation, include the STRIX_TOKEN in the Authorization: Bearer ... header on every programmatic request.
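For the automation case above, one way to attach the token from Python (an added example, not code from Strix or this template). The host and token are constructed placeholders and the helper names are hypothetical; it goes a step beyond the header itself by refusing non-HTTPS URLs and dropping the token when a redirect leaves the deployment's origin, because urllib copies request headers onto redirected requests.

```python
import os
import urllib.request
from urllib.parse import urlsplit


def _origin(url):
    """(scheme, host, port) with default ports filled in."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or {"https": 443, "http": 80}.get(u.scheme))


class SameOriginAuth(urllib.request.HTTPRedirectHandler):
    """Drop the Authorization header when a redirect changes scheme, host or port."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new is not None and _origin(newurl) != _origin(req.full_url):
            new.remove_header("Authorization")
        return new


def strix_request(base_url, path, token=None):
    """Build a GET request carrying the bearer token; HTTPS only."""
    token = (token or os.environ.get("STRIX_TOKEN", "")).strip()
    if not token:
        raise ValueError("STRIX_TOKEN is not set")
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send STRIX_TOKEN over a non-HTTPS URL")
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def strix_opener():
    """Opener to use for every call so redirects cannot carry the token elsewhere."""
    return urllib.request.build_opener(SameOriginAuth)


def redact(req):
    """Header dict that is safe to log: the token value is masked."""
    return {k: ("Bearer ***" if k == "Authorization" else v)
            for k, v in req.header_items()}


if __name__ == "__main__":
    # Constructed placeholder host and token; real endpoint paths come from
    # the deployment's own /docs page.
    r = strix_request("https://strix.example.invalid", "/docs", token="constructed-token")
    print(r.full_url, redact(r))
```

Send requests with `strix_opener().open(strix_request(...))` and log only `redact(req)`, never the request headers themselves.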
Security & Legal
- Only test systems you own or have explicit permission to test. Unauthorized testing is illegal and unethical.
- Keep your STRIX_TOKEN secret. Rotate it if you suspect exposure.
- The tool can perform real exploit actions — use responsibly and in controlled environments.
Quick Getting Started (non-technical)
- Deploy the template (one click).
- Open https://.up.railway.app/docs.
- Click Authorize and paste the STRIX_TOKEN provided by your deployment UI.
- Use the Try it out buttons in Swagger to run scans or fetch reports.
Need a UI or deeper integration?
Strix provides an API-first, machine-oriented runtime. If you want a graphical dashboard, you can build a small frontend that talks to these API endpoints (protected by STRIX_TOKEN). The Swagger/OpenAPI spec makes it easy to generate clients or wire a UI quickly.
> Warning: Only test systems with explicit permission. Strix executes real testing and exploitation actions — be responsible.
Template Content
strix
rmaroun/strix
LLM_API_KEY
Fill in your LLM API Key - Usually your OpenAI API Key

